GOOGLE HACKING

Google serves almost 80 percentof all search queries on the Internet, proving itself as the most popular search engine. However Google makes it possible to reach not only the publicly available information resources, but also gives access to some of the most confidential information that should never have been revealed. In this post I will show how to use Google for exploiting security vulnerabilities within websites.The following are some of the hacks that can be accomplished using Google.

1. Hacking Security Cameras

There exists many security cameras used for monitoring places like parking lots, college campus, road trafficetc. which can be hacked using Google so that you can view the images captured by those cameras in real time. All you have to do is use the following search query in Google. Type in Google search box exactly as follows and hit enter
inurl:”viewerframe?mode=motion”
Click on any of the search results (Top 5 recommended) and you will gain access to the live camera which has full controls. You will see something as follows

As you can see in the above screenshot, you now have access to the Live cameras which work in real-time. You can also move the cameras in all the four directions, perform actions such as zoom in and zoom out. This camera has really aless refresh rate. But there are other search queries through you can gain access to other cameras which have faster refresh rates. So to access them just use the following search query.
intitle:”Live View / – AXIS”
Click on any of the search results to access a different set of live cameras. Thus you have hacked Security Cameras using Google.

2. Hacking Personal and Confidential Documents

Using Google it is possible to gain access to an email repository containing CV of hundreds of people which were created when applying for their jobs. The documents containing theirAddress, Phone, DOB, Education, Work experience etc. can be found just in seconds.
intitle:”curriculum vitae” “phone * * *” “address *” “e-mail”
You can gain access to a list of .xls (excel documents) which contain contact details including email addresses of large group of people. To do sotype the following search query and hit enter.
filetype:xls inurl:”email.xls”
Also it’s possible togain access to documents potentially containing information on bank accounts, financial summaries and credit card numbers using the following search query
intitle:index.of finances.xls

3. Hacking Google to gain access to Free Stuffs

Ever wondered how to hack Google for free music or ebooks. Well here is a way to do that. To download free music just enter the following query on google search box and hit enter.
“?intitle:index.of?mp3eminem“
Now you’ll gain access to the whole index of eminem album where in you can download the songs of your choice. Instead of eminem you can subtitute the name of your favorite album. To search for the ebooks all you have to do is replace “eminem” with your favorite book name. Also replace “mp3″ with “pdf” or “zip” or “rar”.

Bonus Material:

Here is a list of my favorite Google advanced search operators, operator combinations, and related uses:

• link:URL = lists other pages that link to the URL.
• related:URL = lists other pages that are related to the URL.
• site:domain.com “search term = restricts search results to the given domain.
• allinurl:WORDS = shows only pages with all search terms in the url.
• inurl:WORD = like allinurl: but filters the URL based on the first term only.
• allintitle:WORD = shows only results with terms in title.
• intitle:WORD = similar to allintitle, but only for the next word.
• cache:URL = will show the Google cached version of the URL.
• info:URL = will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box. 
• filetype:SOMEFILETYPE = will restrict searches to that filetype
• -filetype:SOMEFILETYPE = will remove that file type from the search.
• site:www.somesite.net “+www.somesite.net” = shows you how many pages of your site are indexed by google
• allintext: = searches only within text of pages, but not in the links or page title
• allinlinks: = searches only within links, not text or title
• WordA OR WordB = search for either the word A or B
• “Word” OR “Phrase” = search exact word or phrase
• WordA -WordB = find word A but filter results that include word B
• WordA +WordB = results much contain both Word A and Word B
• ~WORD = looks up the word and its synonyms
• ~WORD -WORD = looks up only the synonyms to the word 

Using Google, and some finely crafted searches we can find a lot of interesting information.


For Example we can find:

Credit Card Numbers

Passwords

Software / MP3's

...... (and on and on and on) Presented below is just a sample of interesting searches that we can send to google to obtain info that some people might not want us having.. After you get a taste using some of these, try your own crafted searches to find info that you would be interested in.

Try a few of these searches:
More searches which Mother Nature never intended! Most of these are handy for finding security exploits on your own site; simply add a string from your own domain’s URL to check. But really, why limit ourselves? If it has an evil purpose, I’m including it. By the way, there is nothing illegal about typing in a search string; it is up to the website to secure this data. It’s what you DO with this information that you find which makes all of the difference. signin filetype:url - OK, class, this is how we do NOT use Javascript to manage our passwords. Any questions? “index of /” ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl ) - A great way to find file upload pages on websites. Most of these will be password protected; every now and then you find one that isn’t! Like this German Spanish site…  I guess some civic-minded folk want to provide you with free file storage… (intitle:”WordPress › Setup Configuration File”)|(inurl:”setup-config.php?step=1″) - WordPress has become one of the leading blog systems out there. So you should be aware that if you run WordPress, there are black-hat hackers out there working around the clock to find a vulnerability on your site. Some of the hits returned from this search will be people who never configured it after they installed it, so it’s waiting for anyone to find it and take over. Now that we’re done plowing through all of the boring security research stuff, here’s a couple of cute tricks. In these last two cases, these may not be security violations at all; they might be intentionally giving the stuff away and the worst you’re doing is bypassing an ad or two. DSC00001.JPG - This was in a lot of bookmark sites lately. What you do is search Google images for this string… and if nobody else is looking, turn “safe search” off! What this is is the default naming scheme for image files taken on Sony digital cameras. People post the picture without renaming it. And don’t forget DSC00002.JPG, DSC00003.JPG, and so on. Judging by my browsing so far, the first thing most people photograph is their girlfriend. intitle:”index of” ”last modified” ”parent directory” (wmv|mp3) - At last the one everybody was waiting for: finding free media! Now, this example gives you directories with movie files in either MWV (Windows Media Viewer) or MP3. To find files on a particular subject, just enter the name of that subject. I’ll not speculate on what kind of movies you might be looking for - but I’m sure you’ll think of something! To change that to some other media file, you can try replacing wmv with jpg for images, wav for sounds, etc. The trouble is, this hack is so old that a number of adult porn sites have deliberately set up their web pages to mimic this result, where, of course, you end up with a pop-up demanding credit card data or getting link-jacked to a malware site. Have fun, and remember that I gave you all this handy info in the good faith that you’ll only use it responsibly.


intitle:"Index of" passwords modified
allinurl:auth_user_file.txt
"access denied for user" "using password"
"A syntax error has occurred" filetype:ihtml
allinurl: admin mdb
"ORA-00921: unexpected end of SQL command"
inurl:passlist.txt
"Index of /backup"
"Chatologica MetaSearch" "stack tracking:"


Amex Numbers: 300000000000000..399999999999999
MC Numbers: 5178000000000000..5178999999999999

visa 4356000000000000..4356999999999999
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "MP3-xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that I am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.

METHOD 2

put this string in google search:

?intitle:index.of? mp3

You only need add the name of the song/artist/singer.

Example: ?intitle:index.of? mp3 jackson

METHOD 3

put this string in google search:

inurl:microsoft filetype:iso

You can change the string to watever you want, ex. microsoft to adobe, iso to zip etc…

"# -FrontPage-" inurl:service.pwd

Frontpage passwords.. very nice clean search results listing !!
"AutoCreate=TRUE password=*" 
This searches the password for "Website Access Analyzer"
, a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/
"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the .com or .net
"http://*:*@www" bangbus or "http://*:*@www"bangbus
Another way is by just typing
"http://bob:bob@www"
"sets mode: +k"



This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb

Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!
allinurl:auth_user_file.txt

DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.
eggdrop filetype:user user



These are eggdrop config files. Avoiding a full-blown descussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.
intitle:index.of.etc



This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"



This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version).

Every attacker knows that changing the extenstion of a file on a webserver can have ugly consequences.
Let's pretend you need a serial number for windows xp pro.

In the google search bar type in just like this - "Windows XP Professional" 94FBR

the key is the 94FBR code.. it was included with many MS Office registration codes so this will help you dramatically reduce the amount of 'fake' porn sites that trick you.
or if you want to

find the serial for winzip 8.1 - "Winzip 8.1"